2 matches found
CVE-2022-4162 Contest Gallery < 19.1.5 - Author+ SQL Injection
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgrow POST parameter before concatenating it to an SQL query in 3row-order.php. This may allow malicious users with at least author privilege to leak sensitive information...
CVE-2022-4162
The CVE-2022-4162 issue affects Contest Gallery WordPress plugin versions prior to 19.1.5.1 and Contest Gallery Pro prior to 19.1.5.1. The root cause is failure to escape the cg_row POST parameter before it is concatenated into an SQL query in 3_row-order.php, enabling an authenticated user with ...